From ae46498a04ac30618e3a529a728ad4c53371f393 Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 6 May 2024 00:28:20 +0000 Subject: [PATCH] chore: update SBOM for Python 3.9 --- sbom/cve-bin-tool-py3.9.json | 770 ++++++++++++++++++----------------- sbom/cve-bin-tool-py3.9.spdx | 513 ++++++++++++----------- 2 files changed, 674 insertions(+), 609 deletions(-) diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json index fe17bf2ca3..3dfc265b8b 100644 --- a/sbom/cve-bin-tool-py3.9.json +++ b/sbom/cve-bin-tool-py3.9.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:0d3d2b16-7b83-46ba-9b16-bd2a7f58b42c", + "serialNumber": "urn:uuid:56c5c5f1-72d5-4d37-921d-7e5fa7e38ab0", "version": 1, "metadata": { - "timestamp": "2024-04-29T00:27:05Z", + "timestamp": "2024-05-06T00:28:19Z", "tools": { "components": [ { @@ -652,7 +652,7 @@ "type": "library", "bom-ref": "16-gsutil", "name": "gsutil", - "version": "5.27", + "version": "5.28", "supplier": { "name": "Google Inc .", "contact": [ @@ -661,7 +661,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.28:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", "licenses": [ { @@ -673,12 +673,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/gsutil/5.27", + "url": "https://pypi.org/project/gsutil/5.28", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.27", + "purl": "pkg:pypi/gsutil@5.28", "properties": [ { "name": "language", @@ -827,7 +827,7 @@ "type": "library", "bom-ref": "20-gcs-oauth2-boto-plugin", "name": "gcs-oauth2-boto-plugin", - "version": "3.0", + "version": "3.2", "supplier": { "name": "Google Inc .", "contact": [ @@ -836,7 +836,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:*", "description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.", "licenses": [ { @@ -848,12 +848,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.0", + "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.0", + "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2", "properties": [ { "name": "language", @@ -915,23 +915,23 @@ }, { "type": "library", - "bom-ref": "22-google-reauth", - "name": "google-reauth", - "version": "0.1.1", + "bom-ref": "22-google-auth", + "name": "google-auth", + "version": "2.17.0", "supplier": { - "name": "Google", + "name": "Google Cloud Platform", "contact": [ { - "email": "googleapis-publisher@google.com" + "email": "googleapis-packages@google.com" } ] }, - "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", - "description": "Google Reauth Library", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*", + "description": "Google Authentication Library", "hashes": [ { "alg": "SHA-1", - "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b" + "content": "f07e441fcd47f3ac16a5e59d5de5f38e7f602243" } ], "licenses": [ @@ -944,12 +944,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/google-reauth/0.1.1", + "url": "https://pypi.org/project/google-auth/2.17.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-reauth@0.1.1", + "purl": "pkg:pypi/google-auth@2.17.0", "properties": [ { "name": "language", @@ -963,23 +963,149 @@ }, { "type": "library", - "bom-ref": "23-pyu2f", - "name": "pyu2f", - "version": "0.1.5", + "bom-ref": "23-cachetools", + "name": "cachetools", + "version": "5.3.3", "supplier": { - "name": "Google Inc .", + "name": "Thomas Kemmer", "contact": [ { - "email": "pyu2f-team@google.com" + "email": "tkemmer@computer.org" } ] }, - "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", - "description": "U2F host library for interacting with a U2F device over USB.", + "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:*", + "description": "Extensible memoizing collections and decorators", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/cachetools/5.3.3", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/cachetools@5.3.3", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.9.19" + } + ] + }, + { + "type": "library", + "bom-ref": "24-pyasn1-modules", + "name": "pyasn1-modules", + "version": "0.4.0", + "supplier": { + "name": "Ilya Etingof", + "contact": [ + { + "email": "etingof@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:*", + "description": "A collection of ASN.1-based protocols modules", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/pyasn1_modules/0.4.0", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/pyasn1-modules@0.4.0", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.9.19" + } + ] + }, + { + "type": "library", + "bom-ref": "25-pyasn1", + "name": "pyasn1", + "version": "0.6.0", + "supplier": { + "name": "Ilya Etingof", + "contact": [ + { + "email": "etingof@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:*", + "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause", + "url": "https://opensource.org/licenses/BSD-2-Clause" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/pyasn1/0.6.0", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/pyasn1@0.6.0", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.9.19" + } + ] + }, + { + "type": "library", + "bom-ref": "26-rsa", + "name": "rsa", + "version": "4.7.2", + "supplier": { + "name": "Sybren A . Stuvel", + "contact": [ + { + "email": "sybren@stuvel.eu" + } + ] + }, + "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", + "description": "Pure-Python RSA implementation", "hashes": [ { "alg": "SHA-1", - "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe" + "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa" } ], "licenses": [ @@ -992,12 +1118,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/pyu2f/0.1.5", + "url": "https://pypi.org/project/rsa/4.7.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyu2f@0.1.5", + "purl": "pkg:pypi/rsa@4.7.2", "properties": [ { "name": "language", @@ -1011,7 +1137,7 @@ }, { "type": "library", - "bom-ref": "24-six", + "bom-ref": "27-six", "name": "six", "version": "1.16.0", "supplier": { @@ -1059,41 +1185,40 @@ }, { "type": "library", - "bom-ref": "25-httplib2", - "name": "httplib2", - "version": "0.20.4", + "bom-ref": "28-google-auth-httplib2", + "name": "google-auth-httplib2", + "version": "0.2.0", "supplier": { - "name": "Joe Gregorio", + "name": "Google Cloud Platform", "contact": [ { - "email": "joe@bitworking.org" + "email": "googleapis-packages@google.com" } ] }, - "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*", - "description": "A comprehensive HTTP client library.", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*", "hashes": [ { "alg": "SHA-1", - "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4" + "content": "932ac88800dd6de004c1bd59867831ccf033f031" } ], "licenses": [ { "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT" + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0" } } ], "externalReferences": [ { - "url": "https://pypi.org/project/httplib2/0.20.4", + "url": "https://pypi.org/project/google-auth-httplib2/0.2.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/httplib2@0.20.4", + "purl": "pkg:pypi/google-auth-httplib2@0.2.0", "properties": [ { "name": "language", @@ -1107,33 +1232,41 @@ }, { "type": "library", - "bom-ref": "26-pyparsing", - "name": "pyparsing", - "version": "3.1.2", + "bom-ref": "29-httplib2", + "name": "httplib2", + "version": "0.20.4", "supplier": { - "name": "Paul McGuire", + "name": "Joe Gregorio", "contact": [ { - "email": "ptmcg.gm+pyparsing@gmail.com" + "email": "joe@bitworking.org" } ] }, - "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:*", - "description": "pyparsing module - Classes and methods to define and execute parsing grammars", + "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*", + "description": "A comprehensive HTTP client library.", "hashes": [ { "alg": "SHA-1", - "content": "7d4bda2743ebc04f68d2594bc4fffc70cd65848f" + "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } } ], "externalReferences": [ { - "url": "https://pypi.org/project/pyparsing/3.1.2", + "url": "https://pypi.org/project/httplib2/0.20.4", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyparsing@3.1.2", + "purl": "pkg:pypi/httplib2@0.20.4", "properties": [ { "name": "language", @@ -1147,41 +1280,33 @@ }, { "type": "library", - "bom-ref": "27-oauth2client", - "name": "oauth2client", - "version": "4.1.3", + "bom-ref": "30-pyparsing", + "name": "pyparsing", + "version": "3.1.2", "supplier": { - "name": "Google Inc .", + "name": "Paul McGuire", "contact": [ { - "email": "jonwayne+oauth2client@google.com" + "email": "ptmcg.gm+pyparsing@gmail.com" } ] }, - "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", - "description": "OAuth 2.0 client library", + "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:*", + "description": "pyparsing module - Classes and methods to define and execute parsing grammars", "hashes": [ { "alg": "SHA-1", - "content": "50d20532a748f18e53f7d24ccbe6647132c979a9" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0" - } + "content": "7d4bda2743ebc04f68d2594bc4fffc70cd65848f" } ], "externalReferences": [ { - "url": "https://pypi.org/project/oauth2client/4.1.3", + "url": "https://pypi.org/project/pyparsing/3.1.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/oauth2client@4.1.3", + "purl": "pkg:pypi/pyparsing@3.1.2", "properties": [ { "name": "language", @@ -1195,35 +1320,41 @@ }, { "type": "library", - "bom-ref": "28-pyasn1", - "name": "pyasn1", - "version": "0.6.0", + "bom-ref": "31-google-reauth", + "name": "google-reauth", + "version": "0.1.1", "supplier": { - "name": "Ilya Etingof", + "name": "Google", "contact": [ { - "email": "etingof@gmail.com" + "email": "googleapis-publisher@google.com" } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:*", - "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", + "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", + "description": "Google Reauth Library", + "hashes": [ + { + "alg": "SHA-1", + "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b" + } + ], "licenses": [ { "license": { - "id": "BSD-2-Clause", - "url": "https://opensource.org/licenses/BSD-2-Clause" + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0" } } ], "externalReferences": [ { - "url": "https://pypi.org/project/pyasn1/0.6.0", + "url": "https://pypi.org/project/google-reauth/0.1.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1@0.6.0", + "purl": "pkg:pypi/google-reauth@0.1.1", "properties": [ { "name": "language", @@ -1237,35 +1368,41 @@ }, { "type": "library", - "bom-ref": "29-pyasn1-modules", - "name": "pyasn1-modules", - "version": "0.4.0", + "bom-ref": "32-pyu2f", + "name": "pyu2f", + "version": "0.1.5", "supplier": { - "name": "Ilya Etingof", + "name": "Google Inc .", "contact": [ { - "email": "etingof@gmail.com" + "email": "pyu2f-team@google.com" } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:*", - "description": "A collection of ASN.1-based protocols modules", + "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", + "description": "U2F host library for interacting with a U2F device over USB.", + "hashes": [ + { + "alg": "SHA-1", + "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe" + } + ], "licenses": [ { "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause" + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0" } } ], "externalReferences": [ { - "url": "https://pypi.org/project/pyasn1_modules/0.4.0", + "url": "https://pypi.org/project/pyu2f/0.1.5", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1-modules@0.4.0", + "purl": "pkg:pypi/pyu2f@0.1.5", "properties": [ { "name": "language", @@ -1279,23 +1416,23 @@ }, { "type": "library", - "bom-ref": "30-rsa", - "name": "rsa", - "version": "4.7.2", + "bom-ref": "33-oauth2client", + "name": "oauth2client", + "version": "4.1.3", "supplier": { - "name": "Sybren A . Stuvel", + "name": "Google Inc .", "contact": [ { - "email": "sybren@stuvel.eu" + "email": "jonwayne+oauth2client@google.com" } ] }, - "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", - "description": "Pure-Python RSA implementation", + "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", + "description": "OAuth 2.0 client library", "hashes": [ { "alg": "SHA-1", - "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa" + "content": "50d20532a748f18e53f7d24ccbe6647132c979a9" } ], "licenses": [ @@ -1308,12 +1445,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rsa/4.7.2", + "url": "https://pypi.org/project/oauth2client/4.1.3", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rsa@4.7.2", + "purl": "pkg:pypi/oauth2client@4.1.3", "properties": [ { "name": "language", @@ -1327,7 +1464,7 @@ }, { "type": "library", - "bom-ref": "31-pyopenssl", + "bom-ref": "34-pyopenssl", "name": "pyopenssl", "version": "24.1.0", "supplier": { @@ -1375,9 +1512,9 @@ }, { "type": "library", - "bom-ref": "32-cryptography", + "bom-ref": "35-cryptography", "name": "cryptography", - "version": "42.0.5", + "version": "42.0.6", "supplier": { "name": "The Python Cryptographic Authority and individual contributors", "contact": [ @@ -1386,14 +1523,8 @@ } ] }, - "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.6:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", - "hashes": [ - { - "alg": "SHA-1", - "content": "33833f031d9d36234e11d9671be150d53b9e598d" - } - ], "licenses": [ { "expression": "Apache-2.0 OR BSD-3-Clause" @@ -1401,12 +1532,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cryptography/42.0.5", + "url": "https://pypi.org/project/cryptography/42.0.6", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@42.0.5", + "purl": "pkg:pypi/cryptography@42.0.6", "properties": [ { "name": "language", @@ -1420,7 +1551,7 @@ }, { "type": "library", - "bom-ref": "33-cffi", + "bom-ref": "36-cffi", "name": "cffi", "version": "1.16.0", "supplier": { @@ -1468,7 +1599,7 @@ }, { "type": "library", - "bom-ref": "34-pycparser", + "bom-ref": "37-pycparser", "name": "pycparser", "version": "2.22", "supplier": { @@ -1516,7 +1647,7 @@ }, { "type": "library", - "bom-ref": "35-retry-decorator", + "bom-ref": "38-retry-decorator", "name": "retry-decorator", "version": "1.1.1", "supplier": { @@ -1564,7 +1695,7 @@ }, { "type": "library", - "bom-ref": "36-google-apitools", + "bom-ref": "39-google-apitools", "name": "google-apitools", "version": "0.5.32", "supplier": { @@ -1612,91 +1743,7 @@ }, { "type": "library", - "bom-ref": "37-google-auth", - "name": "google-auth", - "version": "2.29.0", - "supplier": { - "name": "Google Cloud Platform", - "contact": [ - { - "email": "googleapis-packages@google.com" - } - ] - }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.29.0:*:*:*:*:*:*:*", - "description": "Google Authentication Library", - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0" - } - } - ], - "externalReferences": [ - { - "url": "https://pypi.org/project/google-auth/2.29.0", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/google-auth@2.29.0", - "properties": [ - { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.9.19" - } - ] - }, - { - "type": "library", - "bom-ref": "38-cachetools", - "name": "cachetools", - "version": "5.3.3", - "supplier": { - "name": "Thomas Kemmer", - "contact": [ - { - "email": "tkemmer@computer.org" - } - ] - }, - "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:*", - "description": "Extensible memoizing collections and decorators", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT" - } - } - ], - "externalReferences": [ - { - "url": "https://pypi.org/project/cachetools/5.3.3", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/cachetools@5.3.3", - "properties": [ - { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.9.19" - } - ] - }, - { - "type": "library", - "bom-ref": "39-monotonic", + "bom-ref": "40-monotonic", "name": "monotonic", "version": "1.6", "supplier": { @@ -1744,7 +1791,7 @@ }, { "type": "library", - "bom-ref": "40-importlib-metadata", + "bom-ref": "41-importlib-metadata", "name": "importlib-metadata", "version": "7.1.0", "supplier": { @@ -1784,7 +1831,7 @@ }, { "type": "library", - "bom-ref": "41-zipp", + "bom-ref": "42-zipp", "name": "zipp", "version": "3.18.1", "supplier": { @@ -1824,32 +1871,18 @@ }, { "type": "library", - "bom-ref": "42-jinja2", + "bom-ref": "43-jinja2", "name": "jinja2", - "version": "3.1.3", + "version": "3.1.4", "description": "A very fast and expressive template engine.", - "hashes": [ - { - "alg": "SHA-1", - "content": "d9de4bb215fd1cc8092a410fb834c7c4060b1fc1" - } - ], - "licenses": [ - { - "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause" - } - } - ], "externalReferences": [ { - "url": "https://pypi.org/project/Jinja2/3.1.3", + "url": "https://pypi.org/project/Jinja2/3.1.4", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jinja2@3.1.3", + "purl": "pkg:pypi/jinja2@3.1.4", "properties": [ { "name": "language", @@ -1863,7 +1896,7 @@ }, { "type": "library", - "bom-ref": "43-markupsafe", + "bom-ref": "44-markupsafe", "name": "markupsafe", "version": "2.1.5", "description": "Safely add untrusted strings to HTML/XML markup.", @@ -1902,13 +1935,13 @@ }, { "type": "library", - "bom-ref": "44-jsonschema", + "bom-ref": "45-jsonschema", "name": "jsonschema", - "version": "4.21.1", + "version": "4.22.0", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.22.0:*:*:*:*:*:*:*", "description": "An implementation of JSON Schema validation for Python", "licenses": [ { @@ -1920,12 +1953,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/jsonschema/4.21.1", + "url": "https://pypi.org/project/jsonschema/4.22.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jsonschema@4.21.1", + "purl": "pkg:pypi/jsonschema@4.22.0", "properties": [ { "name": "language", @@ -1939,7 +1972,7 @@ }, { "type": "library", - "bom-ref": "45-jsonschema-specifications", + "bom-ref": "46-jsonschema-specifications", "name": "jsonschema-specifications", "version": "2023.12.1", "supplier": { @@ -1982,22 +2015,22 @@ }, { "type": "library", - "bom-ref": "46-referencing", + "bom-ref": "47-referencing", "name": "referencing", - "version": "0.35.0", + "version": "0.35.1", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:referencing:0.35.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*", "description": "JSON Referencing + Python", "externalReferences": [ { - "url": "https://pypi.org/project/referencing/0.35.0", + "url": "https://pypi.org/project/referencing/0.35.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/referencing@0.35.0", + "purl": "pkg:pypi/referencing@0.35.1", "properties": [ { "name": "language", @@ -2011,7 +2044,7 @@ }, { "type": "library", - "bom-ref": "47-rpds-py", + "bom-ref": "48-rpds-py", "name": "rpds-py", "version": "0.18.0", "supplier": { @@ -2048,7 +2081,7 @@ }, { "type": "library", - "bom-ref": "48-lib4sbom", + "bom-ref": "49-lib4sbom", "name": "lib4sbom", "version": "0.7.1", "supplier": { @@ -2061,6 +2094,12 @@ }, "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", + "hashes": [ + { + "alg": "SHA-1", + "content": "4acc6e53fef71b007dc63bac2d407a0d2bbf3bd4" + } + ], "licenses": [ { "license": { @@ -2090,7 +2129,7 @@ }, { "type": "library", - "bom-ref": "49-pyyaml", + "bom-ref": "50-pyyaml", "name": "pyyaml", "version": "6.0.1", "supplier": { @@ -2138,7 +2177,7 @@ }, { "type": "library", - "bom-ref": "50-semantic-version", + "bom-ref": "51-semantic-version", "name": "semantic-version", "version": "2.10.0", "supplier": { @@ -2186,7 +2225,7 @@ }, { "type": "library", - "bom-ref": "51-packageurl-python", + "bom-ref": "52-packageurl-python", "name": "packageurl-python", "version": "0.15.0", "supplier": { @@ -2229,7 +2268,7 @@ }, { "type": "library", - "bom-ref": "52-packaging", + "bom-ref": "53-packaging", "name": "packaging", "version": "24.0", "supplier": { @@ -2263,9 +2302,9 @@ }, { "type": "library", - "bom-ref": "53-plotly", + "bom-ref": "54-plotly", "name": "plotly", - "version": "5.21.0", + "version": "5.22.0", "supplier": { "name": "Chris P", "contact": [ @@ -2274,7 +2313,7 @@ } ] }, - "cpe": "cpe:2.3:a:chris_p:plotly:5.21.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:*", "description": "An open-source, interactive data visualization library for Python", "licenses": [ { @@ -2286,12 +2325,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/plotly/5.21.0", + "url": "https://pypi.org/project/plotly/5.22.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/plotly@5.21.0", + "purl": "pkg:pypi/plotly@5.22.0", "properties": [ { "name": "language", @@ -2305,7 +2344,7 @@ }, { "type": "library", - "bom-ref": "54-tenacity", + "bom-ref": "55-tenacity", "name": "tenacity", "version": "8.2.3", "supplier": { @@ -2353,7 +2392,7 @@ }, { "type": "library", - "bom-ref": "55-python-gnupg", + "bom-ref": "56-python-gnupg", "name": "python-gnupg", "version": "0.5.2", "supplier": { @@ -2401,7 +2440,7 @@ }, { "type": "library", - "bom-ref": "56-requests", + "bom-ref": "57-requests", "name": "requests", "version": "2.31.0", "supplier": { @@ -2449,7 +2488,7 @@ }, { "type": "library", - "bom-ref": "57-certifi", + "bom-ref": "58-certifi", "name": "certifi", "version": "2024.2.2", "supplier": { @@ -2491,7 +2530,7 @@ }, { "type": "library", - "bom-ref": "58-charset-normalizer", + "bom-ref": "59-charset-normalizer", "name": "charset-normalizer", "version": "3.3.2", "supplier": { @@ -2539,7 +2578,7 @@ }, { "type": "library", - "bom-ref": "59-urllib3", + "bom-ref": "60-urllib3", "name": "urllib3", "version": "2.2.1", "supplier": { @@ -2573,7 +2612,7 @@ }, { "type": "library", - "bom-ref": "60-rich", + "bom-ref": "61-rich", "name": "rich", "version": "13.7.1", "supplier": { @@ -2615,7 +2654,7 @@ }, { "type": "library", - "bom-ref": "61-markdown-it-py", + "bom-ref": "62-markdown-it-py", "name": "markdown-it-py", "version": "3.0.0", "supplier": { @@ -2655,7 +2694,7 @@ }, { "type": "library", - "bom-ref": "62-mdurl", + "bom-ref": "63-mdurl", "name": "mdurl", "version": "0.1.2", "supplier": { @@ -2695,9 +2734,9 @@ }, { "type": "library", - "bom-ref": "63-pygments", + "bom-ref": "64-pygments", "name": "pygments", - "version": "2.17.2", + "version": "2.18.0", "supplier": { "name": "Georg Brandl", "contact": [ @@ -2706,14 +2745,8 @@ } ] }, - "cpe": "cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*", "description": "Pygments is a syntax highlighting package written in Python.", - "hashes": [ - { - "alg": "SHA-1", - "content": "ee30ce132ae252bd72f3a74c86d9314a2214d0b4" - } - ], "licenses": [ { "license": { @@ -2724,12 +2757,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/Pygments/2.17.2", + "url": "https://pypi.org/project/Pygments/2.18.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pygments@2.17.2", + "purl": "pkg:pypi/pygments@2.18.0", "properties": [ { "name": "language", @@ -2743,7 +2776,7 @@ }, { "type": "library", - "bom-ref": "64-rpmfile", + "bom-ref": "65-rpmfile", "name": "rpmfile", "version": "2.0.0", "supplier": { @@ -2785,7 +2818,7 @@ }, { "type": "library", - "bom-ref": "65-toml", + "bom-ref": "66-toml", "name": "toml", "version": "0.10.2", "supplier": { @@ -2833,7 +2866,7 @@ }, { "type": "library", - "bom-ref": "66-xmlschema", + "bom-ref": "67-xmlschema", "name": "xmlschema", "version": "3.3.1", "supplier": { @@ -2875,7 +2908,7 @@ }, { "type": "library", - "bom-ref": "67-elementpath", + "bom-ref": "68-elementpath", "name": "elementpath", "version": "4.4.0", "supplier": { @@ -2917,7 +2950,7 @@ }, { "type": "library", - "bom-ref": "68-zstandard", + "bom-ref": "69-zstandard", "name": "zstandard", "version": "0.22.0", "supplier": { @@ -2981,22 +3014,22 @@ "14-distro", "15-filetype", "16-gsutil", - "40-importlib-metadata", - "42-jinja2", - "44-jsonschema", - "48-lib4sbom", - "51-packageurl-python", - "52-packaging", - "53-plotly", - "55-python-gnupg", - "49-pyyaml", - "56-requests", - "60-rich", - "64-rpmfile", - "65-toml", - "59-urllib3", - "66-xmlschema", - "68-zstandard" + "41-importlib-metadata", + "43-jinja2", + "45-jsonschema", + "49-lib4sbom", + "52-packageurl-python", + "53-packaging", + "54-plotly", + "56-python-gnupg", + "50-pyyaml", + "57-requests", + "61-rich", + "65-rpmfile", + "66-toml", + "60-urllib3", + "67-xmlschema", + "69-zstandard" ] }, { @@ -3036,179 +3069,190 @@ "18-crcmod", "19-fasteners", "20-gcs-oauth2-boto-plugin", - "36-google-apitools", - "37-google-auth", - "22-google-reauth", - "25-httplib2", - "39-monotonic", - "31-pyopenssl", - "35-retry-decorator", - "24-six" + "39-google-apitools", + "22-google-auth", + "28-google-auth-httplib2", + "31-google-reauth", + "29-httplib2", + "40-monotonic", + "34-pyopenssl", + "38-retry-decorator", + "27-six" ] }, { "ref": "20-gcs-oauth2-boto-plugin", "dependsOn": [ "21-boto", - "22-google-reauth", - "25-httplib2", - "27-oauth2client", - "31-pyopenssl", - "35-retry-decorator", - "30-rsa", - "24-six" + "22-google-auth", + "28-google-auth-httplib2", + "31-google-reauth", + "29-httplib2", + "33-oauth2client", + "34-pyopenssl", + "38-retry-decorator", + "26-rsa", + "27-six" ] }, { - "ref": "22-google-reauth", + "ref": "22-google-auth", "dependsOn": [ - "23-pyu2f" + "23-cachetools", + "24-pyasn1-modules", + "26-rsa", + "27-six" ] }, { - "ref": "23-pyu2f", + "ref": "24-pyasn1-modules", "dependsOn": [ - "24-six" + "25-pyasn1" ] }, { - "ref": "25-httplib2", + "ref": "26-rsa", "dependsOn": [ - "26-pyparsing" + "25-pyasn1" ] }, { - "ref": "27-oauth2client", + "ref": "28-google-auth-httplib2", "dependsOn": [ - "25-httplib2", - "28-pyasn1", - "29-pyasn1-modules", - "30-rsa", - "24-six" + "22-google-auth", + "29-httplib2" ] }, { - "ref": "29-pyasn1-modules", + "ref": "29-httplib2", "dependsOn": [ - "28-pyasn1" + "30-pyparsing" ] }, { - "ref": "30-rsa", + "ref": "31-google-reauth", "dependsOn": [ - "28-pyasn1" + "32-pyu2f" ] }, { - "ref": "31-pyopenssl", + "ref": "32-pyu2f", "dependsOn": [ - "32-cryptography" + "27-six" ] }, { - "ref": "32-cryptography", + "ref": "33-oauth2client", "dependsOn": [ - "33-cffi" + "29-httplib2", + "25-pyasn1", + "24-pyasn1-modules", + "26-rsa", + "27-six" ] }, { - "ref": "33-cffi", + "ref": "34-pyopenssl", "dependsOn": [ - "34-pycparser" + "35-cryptography" ] }, { - "ref": "36-google-apitools", + "ref": "35-cryptography", "dependsOn": [ - "19-fasteners", - "25-httplib2", - "27-oauth2client", - "24-six" + "36-cffi" + ] + }, + { + "ref": "36-cffi", + "dependsOn": [ + "37-pycparser" ] }, { - "ref": "37-google-auth", + "ref": "39-google-apitools", "dependsOn": [ - "38-cachetools", - "29-pyasn1-modules", - "30-rsa" + "19-fasteners", + "29-httplib2", + "33-oauth2client", + "27-six" ] }, { - "ref": "40-importlib-metadata", + "ref": "41-importlib-metadata", "dependsOn": [ - "41-zipp" + "42-zipp" ] }, { - "ref": "42-jinja2", + "ref": "43-jinja2", "dependsOn": [ - "43-markupsafe" + "44-markupsafe" ] }, { - "ref": "44-jsonschema", + "ref": "45-jsonschema", "dependsOn": [ "6-attrs", - "45-jsonschema-specifications", - "46-referencing", - "47-rpds-py" + "46-jsonschema-specifications", + "47-referencing", + "48-rpds-py" ] }, { - "ref": "45-jsonschema-specifications", + "ref": "46-jsonschema-specifications", "dependsOn": [ - "46-referencing" + "47-referencing" ] }, { - "ref": "46-referencing", + "ref": "47-referencing", "dependsOn": [ "6-attrs", - "47-rpds-py" + "48-rpds-py" ] }, { - "ref": "48-lib4sbom", + "ref": "49-lib4sbom", "dependsOn": [ "13-defusedxml", - "49-pyyaml", - "50-semantic-version" + "50-pyyaml", + "51-semantic-version" ] }, { - "ref": "53-plotly", + "ref": "54-plotly", "dependsOn": [ - "52-packaging", - "54-tenacity" + "53-packaging", + "55-tenacity" ] }, { - "ref": "56-requests", + "ref": "57-requests", "dependsOn": [ - "57-certifi", - "58-charset-normalizer", + "58-certifi", + "59-charset-normalizer", "9-idna", - "59-urllib3" + "60-urllib3" ] }, { - "ref": "60-rich", + "ref": "61-rich", "dependsOn": [ - "61-markdown-it-py", - "63-pygments" + "62-markdown-it-py", + "64-pygments" ] }, { - "ref": "61-markdown-it-py", + "ref": "62-markdown-it-py", "dependsOn": [ - "62-mdurl" + "63-mdurl" ] }, { - "ref": "66-xmlschema", + "ref": "67-xmlschema", "dependsOn": [ - "67-elementpath" + "68-elementpath" ] } ] diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx index 11220947a2..12e41c5e88 100644 --- a/sbom/cve-bin-tool-py3.9.spdx +++ b/sbom/cve-bin-tool-py3.9.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-d846f646-b3c4-47f1-9203-1e44d5b210f1 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-146f1efc-97ef-4b16-b568-084fa08abc52 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.10.4 -Created: 2024-04-29T00:25:49Z +Created: 2024-05-06T00:26:45Z CreatorComment: This document has been automatically generated. ##### @@ -249,18 +249,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*: PackageName: gsutil SPDXID: SPDXRef-Package-16-gsutil -PackageVersion: 5.27 +PackageVersion: 5.28 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.27 +PackageDownloadLocation: https://pypi.org/project/gsutil/5.28 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.27 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.28 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.28:*:*:*:*:*:*:* ##### PackageName: argcomplete @@ -313,18 +313,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:* PackageName: gcs-oauth2-boto-plugin SPDXID: SPDXRef-Package-20-gcs-oauth2-boto-plugin -PackageVersion: 3.0 +PackageVersion: 3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (gs-team@google.com) -PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.0 +PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.2 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:* ##### PackageName: boto @@ -343,42 +343,88 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:* ##### -PackageName: google-reauth -SPDXID: SPDXRef-Package-22-google-reauth -PackageVersion: 0.1.1 +PackageName: google-auth +SPDXID: SPDXRef-Package-22-google-auth +PackageVersion: 2.17.0 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google (googleapis-publisher@google.com) -PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1 +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0 FilesAnalyzed: false -PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b +PackageChecksum: SHA1: f07e441fcd47f3ac16a5e59d5de5f38e7f602243 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Google Reauth Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* +PackageSummary: Google Authentication Library +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:* ##### -PackageName: pyu2f -SPDXID: SPDXRef-Package-23-pyu2f -PackageVersion: 0.1.5 +PackageName: cachetools +SPDXID: SPDXRef-Package-23-cachetools +PackageVersion: 5.3.3 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) -PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5 +PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) +PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.3 FilesAnalyzed: false -PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: Extensible memoizing collections and decorators +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.3.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:* +##### + +PackageName: pyasn1-modules +SPDXID: SPDXRef-Package-24-pyasn1-modules +PackageVersion: 0.4.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1_modules/0.4.0 +FilesAnalyzed: false +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: BSD-3-Clause +PackageLicenseComments: pyasn1_modules declares BSD which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +PackageSummary: A collection of ASN.1-based protocols modules +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:* +##### + +PackageName: pyasn1 +SPDXID: SPDXRef-Package-25-pyasn1 +PackageVersion: 0.6.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.0 +FilesAnalyzed: false +PackageLicenseDeclared: BSD-2-Clause +PackageLicenseConcluded: BSD-2-Clause +PackageCopyrightText: NOASSERTION +PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:* +##### + +PackageName: rsa +SPDXID: SPDXRef-Package-26-rsa +PackageVersion: 4.7.2 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) +PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2 +FilesAnalyzed: false +PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: U2F host library for interacting with a U2F device over USB. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* +PackageSummary: Pure-Python RSA implementation +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* ##### PackageName: six -SPDXID: SPDXRef-Package-24-six +SPDXID: SPDXRef-Package-27-six PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) @@ -393,8 +439,24 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.16.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:* ##### +PackageName: google-auth-httplib2 +SPDXID: SPDXRef-Package-28-google-auth-httplib2 +PackageVersion: 0.2.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0 +FilesAnalyzed: false +PackageChecksum: SHA1: 932ac88800dd6de004c1bd59867831ccf033f031 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:* +##### + PackageName: httplib2 -SPDXID: SPDXRef-Package-25-httplib2 +SPDXID: SPDXRef-Package-29-httplib2 PackageVersion: 0.20.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) @@ -410,7 +472,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:* ##### PackageName: pyparsing -SPDXID: SPDXRef-Package-26-pyparsing +SPDXID: SPDXRef-Package-30-pyparsing PackageVersion: 3.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) @@ -425,73 +487,59 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.1.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:* ##### -PackageName: oauth2client -SPDXID: SPDXRef-Package-27-oauth2client -PackageVersion: 4.1.3 +PackageName: google-reauth +SPDXID: SPDXRef-Package-31-google-reauth +PackageVersion: 0.1.1 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) -PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3 +PackageSupplier: Person: Google (googleapis-publisher@google.com) +PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1 FilesAnalyzed: false -PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9 +PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: OAuth 2.0 client library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:* -##### - -PackageName: pyasn1 -SPDXID: SPDXRef-Package-28-pyasn1 -PackageVersion: 0.6.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.0 -FilesAnalyzed: false -PackageLicenseDeclared: BSD-2-Clause -PackageLicenseConcluded: BSD-2-Clause +PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:* +PackageSummary: Google Reauth Library +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* ##### -PackageName: pyasn1-modules -SPDXID: SPDXRef-Package-29-pyasn1-modules -PackageVersion: 0.4.0 +PackageName: pyu2f +SPDXID: SPDXRef-Package-32-pyu2f +PackageVersion: 0.1.5 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1_modules/0.4.0 +PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) +PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5 FilesAnalyzed: false +PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: BSD-3-Clause -PackageLicenseComments: pyasn1_modules declares BSD which is not currently a valid SPDX License identifier or expression. +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: A collection of ASN.1-based protocols modules -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:* +PackageSummary: U2F host library for interacting with a U2F device over USB. +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* ##### -PackageName: rsa -SPDXID: SPDXRef-Package-30-rsa -PackageVersion: 4.7.2 +PackageName: oauth2client +SPDXID: SPDXRef-Package-33-oauth2client +PackageVersion: 4.1.3 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) -PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2 +PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) +PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3 FilesAnalyzed: false -PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa +PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Pure-Python RSA implementation -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* +PackageSummary: OAuth 2.0 client library +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:* ##### PackageName: pyopenssl -SPDXID: SPDXRef-Package-31-pyopenssl +SPDXID: SPDXRef-Package-34-pyopenssl PackageVersion: 24.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) @@ -508,23 +556,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24. ##### PackageName: cryptography -SPDXID: SPDXRef-Package-32-cryptography -PackageVersion: 42.0.5 +SPDXID: SPDXRef-Package-35-cryptography +PackageVersion: 42.0.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.5 +PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.6 FilesAnalyzed: false -PackageChecksum: SHA1: 33833f031d9d36234e11d9671be150d53b9e598d PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.5:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.6 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.6:*:*:*:*:*:*:* ##### PackageName: cffi -SPDXID: SPDXRef-Package-33-cffi +SPDXID: SPDXRef-Package-36-cffi PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) @@ -540,7 +587,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:* ##### PackageName: pycparser -SPDXID: SPDXRef-Package-34-pycparser +SPDXID: SPDXRef-Package-37-pycparser PackageVersion: 2.22 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) @@ -556,7 +603,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:* ##### PackageName: retry-decorator -SPDXID: SPDXRef-Package-35-retry-decorator +SPDXID: SPDXRef-Package-38-retry-decorator PackageVersion: 1.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) @@ -572,7 +619,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:* ##### PackageName: google-apitools -SPDXID: SPDXRef-Package-36-google-apitools +SPDXID: SPDXRef-Package-39-google-apitools PackageVersion: 0.5.32 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Craig Citro (craigcitro@google.com) @@ -588,39 +635,8 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32 ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:* ##### -PackageName: google-auth -SPDXID: SPDXRef-Package-37-google-auth -PackageVersion: 2.29.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth/2.29.0 -FilesAnalyzed: false -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: Google Authentication Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.29.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.29.0:*:*:*:*:*:*:* -##### - -PackageName: cachetools -SPDXID: SPDXRef-Package-38-cachetools -PackageVersion: 5.3.3 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) -PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.3 -FilesAnalyzed: false -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT -PackageCopyrightText: NOASSERTION -PackageSummary: Extensible memoizing collections and decorators -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.3.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:* -##### - PackageName: monotonic -SPDXID: SPDXRef-Package-39-monotonic +SPDXID: SPDXRef-Package-40-monotonic PackageVersion: 1.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) @@ -637,7 +653,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### PackageName: importlib-metadata -SPDXID: SPDXRef-Package-40-importlib-metadata +SPDXID: SPDXRef-Package-41-importlib-metadata PackageVersion: 7.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com) @@ -653,7 +669,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:7.1 ##### PackageName: zipp -SPDXID: SPDXRef-Package-41-zipp +SPDXID: SPDXRef-Package-42-zipp PackageVersion: 3.18.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com) @@ -669,22 +685,21 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.18.1:*:*:*:*:*: ##### PackageName: jinja2 -SPDXID: SPDXRef-Package-42-jinja2 -PackageVersion: 3.1.3 +SPDXID: SPDXRef-Package-43-jinja2 +PackageVersion: 3.1.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.3 +PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.4 FilesAnalyzed: false -PackageChecksum: SHA1: d9de4bb215fd1cc8092a410fb834c7c4060b1fc1 -PackageLicenseDeclared: BSD-3-Clause -PackageLicenseConcluded: BSD-3-Clause +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: A very fast and expressive template engine. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.3 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4 ##### PackageName: markupsafe -SPDXID: SPDXRef-Package-43-markupsafe +SPDXID: SPDXRef-Package-44-markupsafe PackageVersion: 2.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION @@ -699,22 +714,22 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5 ##### PackageName: jsonschema -SPDXID: SPDXRef-Package-44-jsonschema -PackageVersion: 4.21.1 +SPDXID: SPDXRef-Package-45-jsonschema +PackageVersion: 4.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/jsonschema/4.21.1 +PackageDownloadLocation: https://pypi.org/project/jsonschema/4.22.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An implementation of JSON Schema validation for Python -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.21.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.22.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.22.0:*:*:*:*:*:*:* ##### PackageName: jsonschema-specifications -SPDXID: SPDXRef-Package-45-jsonschema-specifications +SPDXID: SPDXRef-Package-46-jsonschema-specifications PackageVersion: 2023.12.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman @@ -730,22 +745,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification ##### PackageName: referencing -SPDXID: SPDXRef-Package-46-referencing -PackageVersion: 0.35.0 +SPDXID: SPDXRef-Package-47-referencing +PackageVersion: 0.35.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/referencing/0.35.0 +PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: JSON Referencing + Python -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:* ##### PackageName: rpds-py -SPDXID: SPDXRef-Package-47-rpds-py +SPDXID: SPDXRef-Package-48-rpds-py PackageVersion: 0.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman @@ -760,12 +775,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.18.0:*:*:*:*:* ##### PackageName: lib4sbom -SPDXID: SPDXRef-Package-48-lib4sbom +SPDXID: SPDXRef-Package-49-lib4sbom PackageVersion: 0.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.1 FilesAnalyzed: false +PackageChecksum: SHA1: 4acc6e53fef71b007dc63bac2d407a0d2bbf3bd4 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION @@ -775,7 +791,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*: ##### PackageName: pyyaml -SPDXID: SPDXRef-Package-49-pyyaml +SPDXID: SPDXRef-Package-50-pyyaml PackageVersion: 6.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) @@ -791,7 +807,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*: ##### PackageName: semantic-version -SPDXID: SPDXRef-Package-50-semantic-version +SPDXID: SPDXRef-Package-51-semantic-version PackageVersion: 2.10.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org) @@ -808,7 +824,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10. ##### PackageName: packageurl-python -SPDXID: SPDXRef-Package-51-packageurl-python +SPDXID: SPDXRef-Package-52-packageurl-python PackageVersion: 0.15.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors @@ -824,7 +840,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1 ##### PackageName: packaging -SPDXID: SPDXRef-Package-52-packaging +SPDXID: SPDXRef-Package-53-packaging PackageVersion: 24.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) @@ -839,22 +855,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.0:*:*:*:*:* ##### PackageName: plotly -SPDXID: SPDXRef-Package-53-plotly -PackageVersion: 5.21.0 +SPDXID: SPDXRef-Package-54-plotly +PackageVersion: 5.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) -PackageDownloadLocation: https://pypi.org/project/plotly/5.21.0 +PackageDownloadLocation: https://pypi.org/project/plotly/5.22.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An open-source, interactive data visualization library for Python -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.21.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.21.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.22.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-Package-54-tenacity +SPDXID: SPDXRef-Package-55-tenacity PackageVersion: 8.2.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) @@ -871,7 +887,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:* ##### PackageName: python-gnupg -SPDXID: SPDXRef-Package-55-python-gnupg +SPDXID: SPDXRef-Package-56-python-gnupg PackageVersion: 0.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) @@ -888,7 +904,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:* ##### PackageName: requests -SPDXID: SPDXRef-Package-56-requests +SPDXID: SPDXRef-Package-57-requests PackageVersion: 2.31.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) @@ -905,7 +921,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*: ##### PackageName: certifi -SPDXID: SPDXRef-Package-57-certifi +SPDXID: SPDXRef-Package-58-certifi PackageVersion: 2024.2.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) @@ -920,7 +936,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.2.2:*:*:*:* ##### PackageName: charset-normalizer -SPDXID: SPDXRef-Package-58-charset-normalizer +SPDXID: SPDXRef-Package-59-charset-normalizer PackageVersion: 3.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev) @@ -936,7 +952,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:* ##### PackageName: urllib3 -SPDXID: SPDXRef-Package-59-urllib3 +SPDXID: SPDXRef-Package-60-urllib3 PackageVersion: 2.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) @@ -951,7 +967,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.1:*:*:*:*:*: ##### PackageName: rich -SPDXID: SPDXRef-Package-60-rich +SPDXID: SPDXRef-Package-61-rich PackageVersion: 13.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) @@ -966,7 +982,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:* ##### PackageName: markdown-it-py -SPDXID: SPDXRef-Package-61-markdown-it-py +SPDXID: SPDXRef-Package-62-markdown-it-py PackageVersion: 3.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) @@ -982,7 +998,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*: ##### PackageName: mdurl -SPDXID: SPDXRef-Package-62-mdurl +SPDXID: SPDXRef-Package-63-mdurl PackageVersion: 0.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) @@ -998,23 +1014,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*: ##### PackageName: pygments -SPDXID: SPDXRef-Package-63-pygments -PackageVersion: 2.17.2 +SPDXID: SPDXRef-Package-64-pygments +PackageVersion: 2.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) -PackageDownloadLocation: https://pypi.org/project/Pygments/2.17.2 +PackageDownloadLocation: https://pypi.org/project/Pygments/2.18.0 FilesAnalyzed: false -PackageChecksum: SHA1: ee30ce132ae252bd72f3a74c86d9314a2214d0b4 PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION PackageSummary: Pygments is a syntax highlighting package written in Python. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.17.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:* ##### PackageName: rpmfile -SPDXID: SPDXRef-Package-64-rpmfile +SPDXID: SPDXRef-Package-65-rpmfile PackageVersion: 2.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Sean Ross (srossross@gmail.com) @@ -1029,7 +1044,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:* ##### PackageName: toml -SPDXID: SPDXRef-Package-65-toml +SPDXID: SPDXRef-Package-66-toml PackageVersion: 0.10.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: William Pearson (uiri@xqz.ca) @@ -1045,7 +1060,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: ##### PackageName: xmlschema -SPDXID: SPDXRef-Package-66-xmlschema +SPDXID: SPDXRef-Package-67-xmlschema PackageVersion: 3.3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) @@ -1060,7 +1075,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:* ##### PackageName: elementpath -SPDXID: SPDXRef-Package-67-elementpath +SPDXID: SPDXRef-Package-68-elementpath PackageVersion: 4.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) @@ -1075,7 +1090,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:* ##### PackageName: zstandard -SPDXID: SPDXRef-Package-68-zstandard +SPDXID: SPDXRef-Package-69-zstandard PackageVersion: 0.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) @@ -1099,35 +1114,36 @@ Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-distr Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-filetype Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-16-gsutil Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-40-importlib-metadata -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-42-jinja2 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-44-jsonschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-lib4sbom -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-49-pyyaml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-packageurl-python -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-packaging -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-plotly -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-python-gnupg -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-requests -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-urllib3 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-rich -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-64-rpmfile -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-toml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-xmlschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-68-zstandard +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-41-importlib-metadata +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-jinja2 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-45-jsonschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-49-lib4sbom +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-pyyaml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-packageurl-python +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-packaging +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-plotly +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-python-gnupg +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-requests +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-urllib3 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-61-rich +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-rpmfile +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-toml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-xmlschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-69-zstandard Relationship: SPDXRef-Package-10-beautifulsoup4 DEPENDS_ON SPDXRef-Package-11-soupsieve Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-17-argcomplete Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-18-crcmod Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-19-fasteners Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-20-gcs-oauth2-boto-plugin -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-22-google-reauth -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-25-httplib2 -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-31-pyopenssl -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-35-retry-decorator -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-36-google-apitools -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-37-google-auth -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-39-monotonic +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-22-google-auth +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-28-google-auth-httplib2 +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-31-google-reauth +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-34-pyopenssl +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-38-retry-decorator +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-39-google-apitools +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-40-monotonic Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiosignal Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-frozenlist Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-async-timeout @@ -1135,55 +1151,60 @@ Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-attrs Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-multidict Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-8-yarl Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-21-boto -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-google-reauth -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-25-httplib2 -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-oauth2client -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-30-rsa -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-31-pyopenssl -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-35-retry-decorator -Relationship: SPDXRef-Package-22-google-reauth DEPENDS_ON SPDXRef-Package-23-pyu2f -Relationship: SPDXRef-Package-23-pyu2f DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-25-httplib2 DEPENDS_ON SPDXRef-Package-26-pyparsing -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-25-httplib2 -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-28-pyasn1 -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-29-pyasn1-modules -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-30-rsa -Relationship: SPDXRef-Package-29-pyasn1-modules DEPENDS_ON SPDXRef-Package-28-pyasn1 +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-google-auth +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-26-rsa +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-google-auth-httplib2 +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-31-google-reauth +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-33-oauth2client +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-34-pyopenssl +Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-38-retry-decorator +Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-23-cachetools +Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-24-pyasn1-modules +Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-26-rsa +Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-24-pyasn1-modules DEPENDS_ON SPDXRef-Package-25-pyasn1 +Relationship: SPDXRef-Package-26-rsa DEPENDS_ON SPDXRef-Package-25-pyasn1 +Relationship: SPDXRef-Package-28-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-22-google-auth +Relationship: SPDXRef-Package-28-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-29-httplib2 DEPENDS_ON SPDXRef-Package-30-pyparsing Relationship: SPDXRef-Package-3-aiosignal DEPENDS_ON SPDXRef-Package-4-frozenlist -Relationship: SPDXRef-Package-30-rsa DEPENDS_ON SPDXRef-Package-28-pyasn1 -Relationship: SPDXRef-Package-31-pyopenssl DEPENDS_ON SPDXRef-Package-32-cryptography -Relationship: SPDXRef-Package-32-cryptography DEPENDS_ON SPDXRef-Package-33-cffi -Relationship: SPDXRef-Package-33-cffi DEPENDS_ON SPDXRef-Package-34-pycparser -Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-19-fasteners -Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-25-httplib2 -Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-27-oauth2client -Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-29-pyasn1-modules -Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-30-rsa -Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-38-cachetools -Relationship: SPDXRef-Package-40-importlib-metadata DEPENDS_ON SPDXRef-Package-41-zipp -Relationship: SPDXRef-Package-42-jinja2 DEPENDS_ON SPDXRef-Package-43-markupsafe -Relationship: SPDXRef-Package-44-jsonschema DEPENDS_ON SPDXRef-Package-45-jsonschema-specifications -Relationship: SPDXRef-Package-44-jsonschema DEPENDS_ON SPDXRef-Package-46-referencing -Relationship: SPDXRef-Package-44-jsonschema DEPENDS_ON SPDXRef-Package-47-rpds-py -Relationship: SPDXRef-Package-44-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs -Relationship: SPDXRef-Package-45-jsonschema-specifications DEPENDS_ON SPDXRef-Package-46-referencing -Relationship: SPDXRef-Package-46-referencing DEPENDS_ON SPDXRef-Package-47-rpds-py -Relationship: SPDXRef-Package-46-referencing DEPENDS_ON SPDXRef-Package-6-attrs -Relationship: SPDXRef-Package-48-lib4sbom DEPENDS_ON SPDXRef-Package-13-defusedxml -Relationship: SPDXRef-Package-48-lib4sbom DEPENDS_ON SPDXRef-Package-49-pyyaml -Relationship: SPDXRef-Package-48-lib4sbom DEPENDS_ON SPDXRef-Package-50-semantic-version -Relationship: SPDXRef-Package-53-plotly DEPENDS_ON SPDXRef-Package-52-packaging -Relationship: SPDXRef-Package-53-plotly DEPENDS_ON SPDXRef-Package-54-tenacity -Relationship: SPDXRef-Package-56-requests DEPENDS_ON SPDXRef-Package-57-certifi -Relationship: SPDXRef-Package-56-requests DEPENDS_ON SPDXRef-Package-58-charset-normalizer -Relationship: SPDXRef-Package-56-requests DEPENDS_ON SPDXRef-Package-59-urllib3 -Relationship: SPDXRef-Package-56-requests DEPENDS_ON SPDXRef-Package-9-idna -Relationship: SPDXRef-Package-60-rich DEPENDS_ON SPDXRef-Package-61-markdown-it-py -Relationship: SPDXRef-Package-60-rich DEPENDS_ON SPDXRef-Package-63-pygments -Relationship: SPDXRef-Package-61-markdown-it-py DEPENDS_ON SPDXRef-Package-62-mdurl -Relationship: SPDXRef-Package-66-xmlschema DEPENDS_ON SPDXRef-Package-67-elementpath +Relationship: SPDXRef-Package-31-google-reauth DEPENDS_ON SPDXRef-Package-32-pyu2f +Relationship: SPDXRef-Package-32-pyu2f DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-24-pyasn1-modules +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-25-pyasn1 +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-26-rsa +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-34-pyopenssl DEPENDS_ON SPDXRef-Package-35-cryptography +Relationship: SPDXRef-Package-35-cryptography DEPENDS_ON SPDXRef-Package-36-cffi +Relationship: SPDXRef-Package-36-cffi DEPENDS_ON SPDXRef-Package-37-pycparser +Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-19-fasteners +Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-27-six +Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-29-httplib2 +Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-33-oauth2client +Relationship: SPDXRef-Package-41-importlib-metadata DEPENDS_ON SPDXRef-Package-42-zipp +Relationship: SPDXRef-Package-43-jinja2 DEPENDS_ON SPDXRef-Package-44-markupsafe +Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-46-jsonschema-specifications +Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-47-referencing +Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-48-rpds-py +Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs +Relationship: SPDXRef-Package-46-jsonschema-specifications DEPENDS_ON SPDXRef-Package-47-referencing +Relationship: SPDXRef-Package-47-referencing DEPENDS_ON SPDXRef-Package-48-rpds-py +Relationship: SPDXRef-Package-47-referencing DEPENDS_ON SPDXRef-Package-6-attrs +Relationship: SPDXRef-Package-49-lib4sbom DEPENDS_ON SPDXRef-Package-13-defusedxml +Relationship: SPDXRef-Package-49-lib4sbom DEPENDS_ON SPDXRef-Package-50-pyyaml +Relationship: SPDXRef-Package-49-lib4sbom DEPENDS_ON SPDXRef-Package-51-semantic-version +Relationship: SPDXRef-Package-54-plotly DEPENDS_ON SPDXRef-Package-53-packaging +Relationship: SPDXRef-Package-54-plotly DEPENDS_ON SPDXRef-Package-55-tenacity +Relationship: SPDXRef-Package-57-requests DEPENDS_ON SPDXRef-Package-58-certifi +Relationship: SPDXRef-Package-57-requests DEPENDS_ON SPDXRef-Package-59-charset-normalizer +Relationship: SPDXRef-Package-57-requests DEPENDS_ON SPDXRef-Package-60-urllib3 +Relationship: SPDXRef-Package-57-requests DEPENDS_ON SPDXRef-Package-9-idna +Relationship: SPDXRef-Package-61-rich DEPENDS_ON SPDXRef-Package-62-markdown-it-py +Relationship: SPDXRef-Package-61-rich DEPENDS_ON SPDXRef-Package-64-pygments +Relationship: SPDXRef-Package-62-markdown-it-py DEPENDS_ON SPDXRef-Package-63-mdurl +Relationship: SPDXRef-Package-67-xmlschema DEPENDS_ON SPDXRef-Package-68-elementpath Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-7-multidict Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-9-idna